|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\user;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Core\Access\AccessResult;
|
|
Chris@0
|
6 use Drupal\Core\Access\AccessResultNeutral;
|
|
Chris@17
|
7 use Drupal\Core\Access\AccessResultReasonInterface;
|
|
Chris@0
|
8 use Drupal\Core\Entity\EntityInterface;
|
|
Chris@0
|
9 use Drupal\Core\Entity\EntityAccessControlHandler;
|
|
Chris@0
|
10 use Drupal\Core\Field\FieldDefinitionInterface;
|
|
Chris@0
|
11 use Drupal\Core\Field\FieldItemListInterface;
|
|
Chris@0
|
12 use Drupal\Core\Session\AccountInterface;
|
|
Chris@0
|
13
|
|
Chris@0
|
14 /**
|
|
Chris@0
|
15 * Defines the access control handler for the user entity type.
|
|
Chris@0
|
16 *
|
|
Chris@0
|
17 * @see \Drupal\user\Entity\User
|
|
Chris@0
|
18 */
|
|
Chris@0
|
19 class UserAccessControlHandler extends EntityAccessControlHandler {
|
|
Chris@0
|
20
|
|
Chris@0
|
21 /**
|
|
Chris@0
|
22 * Allow access to user label.
|
|
Chris@0
|
23 *
|
|
Chris@0
|
24 * @var bool
|
|
Chris@0
|
25 */
|
|
Chris@0
|
26 protected $viewLabelOperation = TRUE;
|
|
Chris@0
|
27
|
|
Chris@0
|
28 /**
|
|
Chris@0
|
29 * {@inheritdoc}
|
|
Chris@0
|
30 */
|
|
Chris@0
|
31 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
|
|
Chris@0
|
32 /** @var \Drupal\user\UserInterface $entity*/
|
|
Chris@0
|
33
|
|
Chris@0
|
34 // We don't treat the user label as privileged information, so this check
|
|
Chris@0
|
35 // has to be the first one in order to allow labels for all users to be
|
|
Chris@0
|
36 // viewed, including the special anonymous user.
|
|
Chris@0
|
37 if ($operation === 'view label') {
|
|
Chris@0
|
38 return AccessResult::allowed();
|
|
Chris@0
|
39 }
|
|
Chris@0
|
40
|
|
Chris@0
|
41 // The anonymous user's profile can neither be viewed, updated nor deleted.
|
|
Chris@0
|
42 if ($entity->isAnonymous()) {
|
|
Chris@0
|
43 return AccessResult::forbidden();
|
|
Chris@0
|
44 }
|
|
Chris@0
|
45
|
|
Chris@0
|
46 // Administrators can view/update/delete all user profiles.
|
|
Chris@0
|
47 if ($account->hasPermission('administer users')) {
|
|
Chris@0
|
48 return AccessResult::allowed()->cachePerPermissions();
|
|
Chris@0
|
49 }
|
|
Chris@0
|
50
|
|
Chris@0
|
51 switch ($operation) {
|
|
Chris@0
|
52 case 'view':
|
|
Chris@0
|
53 // Only allow view access if the account is active.
|
|
Chris@0
|
54 if ($account->hasPermission('access user profiles') && $entity->isActive()) {
|
|
Chris@0
|
55 return AccessResult::allowed()->cachePerPermissions()->addCacheableDependency($entity);
|
|
Chris@0
|
56 }
|
|
Chris@0
|
57 // Users can view own profiles at all times.
|
|
Chris@0
|
58 elseif ($account->id() == $entity->id()) {
|
|
Chris@0
|
59 return AccessResult::allowed()->cachePerUser();
|
|
Chris@0
|
60 }
|
|
Chris@0
|
61 else {
|
|
Chris@14
|
62 return AccessResultNeutral::neutral("The 'access user profiles' permission is required and the user must be active.")->cachePerPermissions()->addCacheableDependency($entity);
|
|
Chris@0
|
63 }
|
|
Chris@0
|
64 break;
|
|
Chris@0
|
65
|
|
Chris@0
|
66 case 'update':
|
|
Chris@0
|
67 // Users can always edit their own account.
|
|
Chris@17
|
68 $access_result = AccessResult::allowedIf($account->id() == $entity->id())->cachePerUser();
|
|
Chris@17
|
69 if (!$access_result->isAllowed() && $access_result instanceof AccessResultReasonInterface) {
|
|
Chris@17
|
70 $access_result->setReason("Users can only update their own account, unless they have the 'administer users' permission.");
|
|
Chris@17
|
71 }
|
|
Chris@17
|
72 return $access_result;
|
|
Chris@0
|
73
|
|
Chris@0
|
74 case 'delete':
|
|
Chris@0
|
75 // Users with 'cancel account' permission can cancel their own account.
|
|
Chris@17
|
76 return AccessResult::allowedIfHasPermission($account, 'cancel account')
|
|
Chris@17
|
77 ->andIf(AccessResult::allowedIf($account->id() == $entity->id())->cachePerUser());
|
|
Chris@0
|
78 }
|
|
Chris@0
|
79
|
|
Chris@0
|
80 // No opinion.
|
|
Chris@0
|
81 return AccessResult::neutral();
|
|
Chris@0
|
82 }
|
|
Chris@0
|
83
|
|
Chris@0
|
84 /**
|
|
Chris@0
|
85 * {@inheritdoc}
|
|
Chris@0
|
86 */
|
|
Chris@0
|
87 protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
|
|
Chris@0
|
88 // Fields that are not implicitly allowed to administrative users.
|
|
Chris@0
|
89 $explicit_check_fields = [
|
|
Chris@0
|
90 'pass',
|
|
Chris@0
|
91 ];
|
|
Chris@0
|
92
|
|
Chris@0
|
93 // Administrative users are allowed to edit and view all fields.
|
|
Chris@0
|
94 if (!in_array($field_definition->getName(), $explicit_check_fields) && $account->hasPermission('administer users')) {
|
|
Chris@0
|
95 return AccessResult::allowed()->cachePerPermissions();
|
|
Chris@0
|
96 }
|
|
Chris@0
|
97
|
|
Chris@0
|
98 // Flag to indicate if this user entity is the own user account.
|
|
Chris@0
|
99 $is_own_account = $items ? $items->getEntity()->id() == $account->id() : FALSE;
|
|
Chris@0
|
100 switch ($field_definition->getName()) {
|
|
Chris@0
|
101 case 'name':
|
|
Chris@18
|
102 // Allow view access to anyone with access to the entity.
|
|
Chris@18
|
103 // The username field is editable during the registration process.
|
|
Chris@18
|
104 if ($operation == 'view' || ($items && $items->getEntity()->isAnonymous())) {
|
|
Chris@0
|
105 return AccessResult::allowed()->cachePerPermissions();
|
|
Chris@0
|
106 }
|
|
Chris@0
|
107 // Allow edit access for the own user name if the permission is
|
|
Chris@0
|
108 // satisfied.
|
|
Chris@0
|
109 if ($is_own_account && $account->hasPermission('change own username')) {
|
|
Chris@0
|
110 return AccessResult::allowed()->cachePerPermissions()->cachePerUser();
|
|
Chris@0
|
111 }
|
|
Chris@0
|
112 else {
|
|
Chris@17
|
113 return AccessResult::neutral();
|
|
Chris@0
|
114 }
|
|
Chris@0
|
115
|
|
Chris@0
|
116 case 'preferred_langcode':
|
|
Chris@0
|
117 case 'preferred_admin_langcode':
|
|
Chris@0
|
118 case 'timezone':
|
|
Chris@0
|
119 case 'mail':
|
|
Chris@0
|
120 // Allow view access to own mail address and other personalization
|
|
Chris@0
|
121 // settings.
|
|
Chris@0
|
122 if ($operation == 'view') {
|
|
Chris@18
|
123 return AccessResult::allowedIf($is_own_account)->cachePerUser();
|
|
Chris@0
|
124 }
|
|
Chris@0
|
125 // Anyone that can edit the user can also edit this field.
|
|
Chris@0
|
126 return AccessResult::allowed()->cachePerPermissions();
|
|
Chris@0
|
127
|
|
Chris@0
|
128 case 'pass':
|
|
Chris@0
|
129 // Allow editing the password, but not viewing it.
|
|
Chris@0
|
130 return ($operation == 'edit') ? AccessResult::allowed() : AccessResult::forbidden();
|
|
Chris@0
|
131
|
|
Chris@0
|
132 case 'created':
|
|
Chris@0
|
133 // Allow viewing the created date, but not editing it.
|
|
Chris@17
|
134 return ($operation == 'view') ? AccessResult::allowed() : AccessResult::neutral();
|
|
Chris@0
|
135
|
|
Chris@0
|
136 case 'roles':
|
|
Chris@0
|
137 case 'status':
|
|
Chris@0
|
138 case 'access':
|
|
Chris@0
|
139 case 'login':
|
|
Chris@0
|
140 case 'init':
|
|
Chris@17
|
141 return AccessResult::neutral();
|
|
Chris@0
|
142 }
|
|
Chris@0
|
143
|
|
Chris@0
|
144 return parent::checkFieldAccess($operation, $field_definition, $account, $items);
|
|
Chris@0
|
145 }
|
|
Chris@0
|
146
|
|
Chris@0
|
147 }
|
